安装组件：

• keystone

注：安装服务均遵循以下步骤：

• mariadb创库授权
• keystone创建角色并关联
• keystone创建服务注册API
• 安装相应服务软件包
• 修改配置文件
• 同步数据库
• 启动服务
• 验证

安装keystone：

• 创库授权：

mysql <<EOF

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

IDENTIFIED BY 'KEYSTONE_DBPASS';

EOF

• 安装相应服务软件包：

yum install openstack-keystone httpd mod_wsgi -y

yum install openstack-utils -y

• 修改配置文件：

cp /etc/keystone/keystone.conf{,.bak}

grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf

openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

openstack-config --set /etc/keystone/keystone.conf token provider fernet

• 同步数据库:

su -s /bin/sh -c "keystone-manage db_sync" keystone

• keystone创建角色并关联
• keystone创建服务注册API

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \

--bootstrap-admin-url http://controller:5000/v3/ \

--bootstrap-internal-url http://controller:5000/v3/ \

--bootstrap-public-url http://controller:5000/v3/ \

--bootstrap-region-id RegionOne

echo "ServerName controller" >>/etc/httpd/conf/httpd.conf

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

• 启动服务

systemctl enable httpd.service

systemctl start httpd.service

• 创建域、项目、用户、角色

export OS_USERNAME=admin

export OS_PASSWORD=ADMIN_PASS

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

openstack domain create --description "An Example Domain" example

openstack project create --domain default \

--description "Service Project" service

openstack project create --domain default \

--description "Demo Project" myproject

openstack user create --domain default \

--password MYUSER_PASS myuser

openstack role create myrole

openstack role add --project myproject --user myuser myrole

注：admin已经默认存在了。

• 创建环境变量脚本

touch admin-openrc

echo '

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=ADMIN_PASS

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2 ' > /root/admin-openrc

touch demo-openrc

#demo-openrc

echo '

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=myproject

export OS_USERNAME=myuser

export OS_PASSWORD=MYUSER_PASS

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2 ' >/root/demo-openrc

• 验证：

source /root/admin-openrc

openstack token issue